Policies form the foundation of any security infrastructure. Policies define how ITS will approach security, how employees (staff/faculty) need to approach security, how students are to approach security, and how certain situations will be handled.

While this web page lists many university policies, it is not an exhaustive or complete list. New regulations, policies and procedures are constantly evolving. Laws, policies, or other regulations on aspects not specific to networks or computing may apply, e.g.: student conduct, personnel policy or contract, sexual harassment, chain letter laws, or other regulations.

---

University of California policies and guidelines specific to computer/network resources:

• University of California IT Policies
• University of California Electronic Communications Policy
• Digital Copyright Protection at the University of California
• Management Guide for Information Security
• UC Business and Finance Bulletins -- IS Series - Information Systems
• President Yudof's Statement on Social Security Numbers - Feb. 10, 2010 (PDF)

---

UC Santa Cruz policies and guidelines specific to computer/network resources:

       UCSC Information Security Program Framework Diagram (PDF)
       Log of Policy Updates
       Glossary of selected terms in UCSC IT-related policies, procedures and guidelines

CAMPUS POLICIES AND PROCEDURES

• Campus Policies (link to the Campus Policy Page):
  • Policy for Acceptable Use of UCSC Electronic Information Resources ("Acceptable Use Policy")
  • Minimum Network Connectivity Requirements Policy
  • Password Policy
  • UCSC Implementation of the UC Electronic Communications Policy (ECPI)
  • HIPAA Security Rule Compliance Policy

• Procedures supporting the above campus policies:
  • Understanding UCSC's Minimum Network Connectivity Requirements
  • UCSC Password Strength and Security Standards - updated Jan 2012
    
  • "Access Without Consent" Process and Form (PDF)
  • Notice about Access to Records upon Employee Separation - NEW June 2011
  • ITS Routine System Monitoring Practices
  • SSN Scanning Methodology
  • Implementing UCSC's HIPAA Security Rule Compliance Policy - updated Oct 2011

• Other campus policy statements:
  • PII Inventory and Security Breach Procedures
  • UC Santa Cruz ResNet Responsible Use Policy
  • Instructional Computing Lab Policy Summary
  • SSL Certificate Policy
  • Electronic Official Communications Statement

PROTECTING RESTRICTED DATA

Protection of Social Security Numbers: Letter to campus from CP/EVC Kliger and VC IT Doyle - April 2010

• Practices for Protecting Electronic Restricted Data
  • "Quick-Reference"
• Protection Matrix
• IS-3 Assessment Template (Excel)
• Security Issue Matrix: Blank (Word) / Seeded (Word) / Instructions
• University Administrative Information Systems, Access to Information Statement (PDF)
  (all individuals with access to restricted data should read and sign)

ADDITIONAL PRACTICES, PROCEDURES AND GUIDELINES

• Data Security Contract Language
• Digital Millennium Copyright Act (DMCA) at UC Santa Cruz
• UCSC Plan for Combating Unauthorized Distribution of Copyrighted Materials
• Guidelines and Procedures for Blocking Network Access
• ITS Backup Retention Standards - NEW Jan 2012
• Payment Card Industry Data Security Standard (PCI DSS) Compliance at UCSC
• Remote Access Requirements
• Secure Browser Settings
• Security Standards and Resources 

INFORMATION TECHNOLOGY SERVICES (ITS) DIVISIONAL POLICIES

• ITS Commercial Endorsement Policy
• ITS Policy Regarding Personal Identity Information (PII)
• Instructions for information requests from FBI/Federal Law Enforcement
• ITS Sanction Information
• Procedures for responding to compromised computers

---

Other General UC and UCSC Policies and Resources:

• UC Systemwide Policies and Guidelines
• UC Santa Cruz Policies and Procedures
• Student Policies and Regulations Handbook
• Title IX/Sexual Harassment Office
• University Police

---

Local, State, or Federal laws

• United States Code from the Office of the Law Revision Counsel under the U.S. House of Representatives
• California legislative information, maintained by the Legislative Counsel of California
• United States Copyright Office

---

Draft UC Santa Cruz Information Technology policies, guidelines, and practices Please forward feedback to itpolicy@ucsc.edu

• Information Security Log Policy - updated 8/2/11
  • Draft Log Procedures - updated 8/2/11
• WiFi Policy- updated 8/29/11
  • WiFi Standards- updated 8/29/11
• Use of Free/Low Cost IT Services - updated 8/2/10
• Expanded Practices for Protecting Electronic Restricted Data, Management section - updated 2/11/10
• Roles and Responsibilities for UCSC Electronic Information Resources (PDF) - ON HOLD: updated 1/31/08